Topic: contract programming :: preconditions in STD
Author: =?UTF-8?Q?Andrzej_Krzemie=C5=84ski?= <akrzemi1@gmail.com>
Date: Fri, 24 May 2013 06:37:09 -0700 (PDT)
Raw View
------=_Part_49_30658112.1369402629855
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
Hi everyone,
While trying to figure out what should the definition of "precondition" be=
=20
in C++, I collected a number of examples of potential preconditions, and=20
things that could be confused with preconditions, from the Standard=20
Library. These could serve as a basis for choosing the semantics of=20
preconditions. If you can think of any other kind of expectations on=20
function inputs that could possibly qualify for preconditions, please let=
=20
me know.
Regards,
&rzej
UB for performance reasons
21.4.5 (basic_string element access), paragraphs 1 and 3 :
reference operator[](size_type pos);
Requires: pos <=3D size().
Throws: Nothing.
To guarantee the maximum run-time performance we require of the callers=20
that they make sure the precondition holds. Somewhat similar example:
25.4.3.4 (binary_search), paragraph 1:
template<class ForwardIterator, class T, class Compare>
bool binary_search(ForwardIterator first, ForwardIterator last,
const T& value, Compare comp);
Requires: The elements e of [first,last) are partitioned with respect to=20
the expressions comp(e, value) and !comp(value, e). Also, for all elements =
eof[first, last),=20
comp(e, value) implies !comp(value, e).
Here, most of the requirement could be expressed with C++ expressions=20
(using C++14 polymorphic lambdas):
is_partitioned(first, last, [&value](auto&& e){
return comp(e, value);
});
is_partitioned(first, last, [&value](auto&& e){
return !comp(value, e);
});
all_of(first, last, [&value](auto&& e){
return !comp(e, value) || !comp(value, e); // antisymmetry
});
However, the runtime complexity of binary_search is O(log(n)) while the=20
complexity of the precondition is O(n).=20
However, there is also one implied precondition that cannot be easily=20
expressed: first and last must form a valid range. That is, there is no=20
expression that can return true for all valid ranges and false for all=20
invalid ranges. This is somewhat similar to checking if a non-null pointer=
=20
points to valid memory.
=93Logical=94 error with guaranteed error report
21.4.5 (basic_string element access), paragraphs 5 - 6:
reference at(size_type pos);
Requires: pos < size()
Throws: out_of_range if pos >=3D size().
This is accompanied by the controversial requirement from the standard=20
(17.6.4.11): =93Violation of the preconditions specified in a function=92s=
=20
Requires: paragraph results in undefined behavior
unless the function=92s Throws: paragraph specifies throwing an exception=
=20
when the precondition is violated.=94
Here, it is very well defined what happens in case we provide the=20
out-of-range index. This makes the following program well defined:
void listChars(string const& s)
{
int i =3D 0;
try {
while(true) cout << vec.at(i++);
}
catch(out_of_range const&) {}
}
The question is, why call out-of-range a =93precondition=94 if we accept it=
as=20
well-defined input? What is the definition of a precondition? What is the=
=20
purpose of specifying one? Is it a license to the compiler for rejecting=20
any code where it can prove that a precondition is violated? So should=20
smart compilers be allowed to reject functions like listChars above? Or is=
=20
precondition only a hint on usage for other developers?
Only an irregular input
20.8.11.2.4 (function invocation), paragraphs 1 and 3:
R operator()(ArgTypes... args) const;
Effects: INVOKE(f, std::forward<ArgTypes>(args)..., R), where f is the=20
target object of *this.
Throws: bad_function_call if !*this; otherwise, any exception thrown by the=
=20
wrapped callable object.
23.2.3 (Sequence containers), paragraph 17:
=93The member function at() provides bounds-checked access to container=20
elements. at() throws out_of_range if n >=3D a.size().=94
In either case no precondition is specified, although we can intuitively=20
see that such inputs are =93fishy=94. Thus the following code is perfectly=
=20
valid:
int process(function<int(int)> f, int i)
{
try {
return f(i);
}
catch(bad_function_call const&) {
return 0;
}
}
--=20
---=20
You received this message because you are subscribed to the Google Groups "=
ISO C++ Standard - Future Proposals" group.
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to std-proposals+unsubscribe@isocpp.org.
To post to this group, send email to std-proposals@isocpp.org.
Visit this group at http://groups.google.com/a/isocpp.org/group/std-proposa=
ls/?hl=3Den.
------=_Part_49_30658112.1369402629855
Content-Type: text/html; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
<h2 dir=3D"ltr" style=3D"line-height:1.15;margin-top:10pt;margin-bottom:0pt=
;" id=3D"docs-internal-guid-3448ba09-d6b6-f3ae-2d18-ccd432498c33"><font siz=
e=3D"2">Hi everyone</font>,</h2><p>While trying to figure out what should t=
he definition of "precondition" be in C++, I collected a number of examples=
of potential preconditions, and things that could be confused with precond=
itions, from the Standard Library. These could serve as a basis for choosin=
g the semantics of preconditions. If you can think of any other kind of exp=
ectations on function inputs that could possibly qualify for preconditions,=
please let me know.</p><p>Regards,<br>&rzej</p><p><br></p><h2 dir=3D"l=
tr" style=3D"line-height:1.15;margin-top:10pt;margin-bottom:0pt;" id=3D"doc=
s-internal-guid-3448ba09-d6b6-f3ae-2d18-ccd432498c33"><span style=3D"font-s=
ize:17px;font-family:'Trebuchet MS';color:#000000;background-color:transpar=
ent;font-weight:bold;font-style:normal;font-variant:normal;text-decoration:=
none;vertical-align:baseline;">UB for performance reasons</span></h2><p dir=
=3D"ltr" style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt;"><span=
style=3D"font-size:15px;font-family:Arial;color:#000000;background-color:t=
ransparent;font-weight:normal;font-style:normal;font-variant:normal;text-de=
coration:none;vertical-align:baseline;">21.4.5 (</span><span style=3D"font-=
size:15px;font-family:'Courier New';color:#000000;background-color:transpar=
ent;font-weight:normal;font-style:normal;font-variant:normal;text-decoratio=
n:none;vertical-align:baseline;">basic_string</span><span style=3D"font-siz=
e:15px;font-family:Arial;color:#000000;background-color:transparent;font-we=
ight:normal;font-style:normal;font-variant:normal;text-decoration:none;vert=
ical-align:baseline;"> element access), paragraphs 1 and 3 :</span></p><p d=
ir=3D"ltr" style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt;"><sp=
an style=3D"font-size:15px;font-family:Arial;color:#000000;background-color=
:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-=
decoration:none;vertical-align:baseline;"> </span><span s=
tyle=3D"font-size:15px;font-family:'Courier New';color:#000000;background-c=
olor:transparent;font-weight:normal;font-style:normal;font-variant:normal;t=
ext-decoration:none;vertical-align:baseline;">reference operator[](size_typ=
e pos);</span></p><p dir=3D"ltr" style=3D"line-height:1.15;margin-top:0pt;m=
argin-bottom:0pt;"><span style=3D"font-size:15px;font-family:Arial;color:#0=
00000;background-color:transparent;font-weight:normal;font-style:normal;fon=
t-variant:normal;text-decoration:none;vertical-align:baseline;">  =
; </span><span style=3D"font-size:15px;font-family:Arial;color:#00000=
0;background-color:transparent;font-weight:normal;font-style:italic;font-va=
riant:normal;text-decoration:none;vertical-align:baseline;">Requires:</span=
><span style=3D"font-size:15px;font-family:Arial;color:#000000;background-c=
olor:transparent;font-weight:normal;font-style:normal;font-variant:normal;t=
ext-decoration:none;vertical-align:baseline;"> </span><span style=3D"font-s=
ize:15px;font-family:'Courier New';color:#000000;background-color:transpare=
nt;font-weight:normal;font-style:normal;font-variant:normal;text-decoration=
:none;vertical-align:baseline;">pos <=3D size()</span><span style=3D"fon=
t-size:15px;font-family:Arial;color:#000000;background-color:transparent;fo=
nt-weight:normal;font-style:normal;font-variant:normal;text-decoration:none=
;vertical-align:baseline;">.</span></p><p dir=3D"ltr" style=3D"line-height:=
1.15;margin-top:0pt;margin-bottom:0pt;"><span style=3D"font-size:15px;font-=
family:Arial;color:#000000;background-color:transparent;font-weight:normal;=
font-style:normal;font-variant:normal;text-decoration:none;vertical-align:b=
aseline;"> </span><span style=3D"font-size:15px;font-fami=
ly:Arial;color:#000000;background-color:transparent;font-weight:normal;font=
-style:italic;font-variant:normal;text-decoration:none;vertical-align:basel=
ine;">Throws:</span><span style=3D"font-size:15px;font-family:Arial;color:#=
000000;background-color:transparent;font-weight:normal;font-style:normal;fo=
nt-variant:normal;text-decoration:none;vertical-align:baseline;"> Nothing.<=
/span></p><p dir=3D"ltr" style=3D"line-height:1.15;margin-top:0pt;margin-bo=
ttom:0pt;"><span style=3D"font-size:15px;font-family:Arial;color:#000000;ba=
ckground-color:transparent;font-weight:normal;font-style:normal;font-varian=
t:normal;text-decoration:none;vertical-align:baseline;">To
guarantee the maximum run-time performance we require of the callers=20
that they make sure the precondition holds. Somewhat similar example:</span=
></p><br><span style=3D"font-size:15px;font-family:Arial;color:#000000;back=
ground-color:transparent;font-weight:normal;font-style:normal;font-variant:=
normal;text-decoration:none;vertical-align:baseline;"></span><p dir=3D"ltr"=
style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt;"><span style=
=3D"font-size:15px;font-family:Arial;color:#000000;background-color:transpa=
rent;font-weight:normal;font-style:normal;font-variant:normal;text-decorati=
on:none;vertical-align:baseline;">25.4.3.4 (</span><span style=3D"font-size=
:15px;font-family:'Courier New';color:#000000;background-color:transparent;=
font-weight:normal;font-style:normal;font-variant:normal;text-decoration:no=
ne;vertical-align:baseline;">binary_search</span><span style=3D"font-size:1=
5px;font-family:Arial;color:#000000;background-color:transparent;font-weigh=
t:normal;font-style:normal;font-variant:normal;text-decoration:none;vertica=
l-align:baseline;">), paragraph 1:</span></p><p dir=3D"ltr" style=3D"line-h=
eight:1.15;margin-top:0pt;margin-bottom:0pt;text-indent: 36pt;"><span style=
=3D"font-size:15px;font-family:'Courier New';color:#000000;background-color=
:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-=
decoration:none;vertical-align:baseline;">template<class ForwardIterator=
, class T, class Compare></span></p><p dir=3D"ltr" style=3D"line-height:=
1.15;margin-top:0pt;margin-bottom:0pt;text-indent: 36pt;"><span style=3D"fo=
nt-size:15px;font-family:'Courier New';color:#000000;background-color:trans=
parent;font-weight:normal;font-style:normal;font-variant:normal;text-decora=
tion:none;vertical-align:baseline;">bool binary_search(ForwardIterator firs=
t, ForwardIterator last,</span></p><p dir=3D"ltr" style=3D"line-height:1.15=
;margin-top:0pt;margin-bottom:0pt;text-indent: 36pt;"><span style=3D"font-s=
ize:15px;font-family:'Courier New';color:#000000;background-color:transpare=
nt;font-weight:normal;font-style:normal;font-variant:normal;text-decoration=
:none;vertical-align:baseline;"> =
const T&a=
mp; value, Compare comp);</span></p><p dir=3D"ltr" style=3D"line-height:1.1=
5;margin-top:0pt;margin-bottom:0pt;margin-left: 36pt;"><span style=3D"font-=
size:15px;font-family:Arial;color:#000000;background-color:transparent;font=
-weight:normal;font-style:italic;font-variant:normal;text-decoration:none;v=
ertical-align:baseline;">Requires: </span><span style=3D"font-size:15px;fon=
t-family:Arial;color:#000000;background-color:transparent;font-weight:norma=
l;font-style:normal;font-variant:normal;text-decoration:none;vertical-align=
:baseline;">The elements </span><span style=3D"font-size:15px;font-family:'=
Courier New';color:#000000;background-color:transparent;font-weight:normal;=
font-style:normal;font-variant:normal;text-decoration:none;vertical-align:b=
aseline;">e</span><span style=3D"font-size:15px;font-family:Arial;color:#00=
0000;background-color:transparent;font-weight:normal;font-style:normal;font=
-variant:normal;text-decoration:none;vertical-align:baseline;"> of </span><=
span style=3D"font-size:15px;font-family:'Courier New';color:#000000;backgr=
ound-color:transparent;font-weight:normal;font-style:normal;font-variant:no=
rmal;text-decoration:none;vertical-align:baseline;">[first,last)</span><spa=
n style=3D"font-size:15px;font-family:Arial;color:#000000;background-color:=
transparent;font-weight:normal;font-style:normal;font-variant:normal;text-d=
ecoration:none;vertical-align:baseline;"> are partitioned with respect to t=
he expressions </span><span style=3D"font-size:15px;font-family:'Courier Ne=
w';color:#000000;background-color:transparent;font-weight:normal;font-style=
:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;">=
comp(e, value)</span><span style=3D"font-size:15px;font-family:Arial;color:=
#000000;background-color:transparent;font-weight:normal;font-style:normal;f=
ont-variant:normal;text-decoration:none;vertical-align:baseline;"> and </sp=
an><span style=3D"font-size:15px;font-family:'Courier New';color:#000000;ba=
ckground-color:transparent;font-weight:normal;font-style:normal;font-varian=
t:normal;text-decoration:none;vertical-align:baseline;">!comp(value, e)</sp=
an><span style=3D"font-size:15px;font-family:Arial;color:#000000;background=
-color:transparent;font-weight:normal;font-style:normal;font-variant:normal=
;text-decoration:none;vertical-align:baseline;">. Also, for all elements </=
span><span style=3D"font-size:15px;font-family:'Courier New';color:#000000;=
background-color:transparent;font-weight:normal;font-style:normal;font-vari=
ant:normal;text-decoration:none;vertical-align:baseline;">e</span><span sty=
le=3D"font-size:15px;font-family:Arial;color:#000000;background-color:trans=
parent;font-weight:normal;font-style:normal;font-variant:normal;text-decora=
tion:none;vertical-align:baseline;"> of</span><span style=3D"font-size:15px=
;font-family:'Courier New';color:#000000;background-color:transparent;font-=
weight:normal;font-style:normal;font-variant:normal;text-decoration:none;ve=
rtical-align:baseline;"> [first, last)</span><span style=3D"font-size:15px;=
font-family:Arial;color:#000000;background-color:transparent;font-weight:no=
rmal;font-style:normal;font-variant:normal;text-decoration:none;vertical-al=
ign:baseline;">, </span><span style=3D"font-size:15px;font-family:'Courier =
New';color:#000000;background-color:transparent;font-weight:normal;font-sty=
le:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;=
">comp(e, value)</span><span style=3D"font-size:15px;font-family:Arial;colo=
r:#000000;background-color:transparent;font-weight:normal;font-style:normal=
;font-variant:normal;text-decoration:none;vertical-align:baseline;"> implie=
s </span><span style=3D"font-size:15px;font-family:'Courier New';color:#000=
000;background-color:transparent;font-weight:normal;font-style:normal;font-=
variant:normal;text-decoration:none;vertical-align:baseline;">!comp(value, =
e)</span><span style=3D"font-size:15px;font-family:Arial;color:#000000;back=
ground-color:transparent;font-weight:normal;font-style:normal;font-variant:=
normal;text-decoration:none;vertical-align:baseline;">.</span></p><br><span=
style=3D"font-size:15px;font-family:Arial;color:#000000;background-color:t=
ransparent;font-weight:normal;font-style:normal;font-variant:normal;text-de=
coration:none;vertical-align:baseline;"></span><p dir=3D"ltr" style=3D"line=
-height:1.15;margin-top:0pt;margin-bottom:0pt;"><span style=3D"font-size:15=
px;font-family:Arial;color:#000000;background-color:transparent;font-weight=
:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical=
-align:baseline;">Here, most of the requirement could be expressed with C++=
expressions (using C++14 polymorphic lambdas):</span></p><p dir=3D"ltr" st=
yle=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt;"><span style=3D"f=
ont-size:15px;font-family:Arial;color:#000000;background-color:transparent;=
font-weight:normal;font-style:normal;font-variant:normal;text-decoration:no=
ne;vertical-align:baseline;"> </span><span style=3D"font-=
size:15px;font-family:'Courier New';color:#000000;background-color:transpar=
ent;font-weight:normal;font-style:normal;font-variant:normal;text-decoratio=
n:none;vertical-align:baseline;">is_partitioned(first, last, [&value](a=
uto&& e){</span></p><p dir=3D"ltr" style=3D"line-height:1.15;margin=
-top:0pt;margin-bottom:0pt;margin-left: 36pt;text-indent: 36pt;"><span styl=
e=3D"font-size:15px;font-family:'Courier New';color:#000000;background-colo=
r:transparent;font-weight:normal;font-style:normal;font-variant:normal;text=
-decoration:none;vertical-align:baseline;">return comp(e, value);</span></p=
><p dir=3D"ltr" style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt;=
margin-left: 36pt;"><span style=3D"font-size:15px;font-family:'Courier New'=
;color:#000000;background-color:transparent;font-weight:normal;font-style:n=
ormal;font-variant:normal;text-decoration:none;vertical-align:baseline;">})=
;</span></p><p dir=3D"ltr" style=3D"line-height:1.15;margin-top:0pt;margin-=
bottom:0pt;text-indent: 36pt;"><span style=3D"font-size:15px;font-family:'C=
ourier New';color:#000000;background-color:transparent;font-weight:normal;f=
ont-style:normal;font-variant:normal;text-decoration:none;vertical-align:ba=
seline;">is_partitioned(first, last, [&value](auto&& e){</span>=
</p><p dir=3D"ltr" style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0=
pt;margin-left: 36pt;text-indent: 36pt;"><span style=3D"font-size:15px;font=
-family:'Courier New';color:#000000;background-color:transparent;font-weigh=
t:normal;font-style:normal;font-variant:normal;text-decoration:none;vertica=
l-align:baseline;">return !comp(value, e);</span></p><p dir=3D"ltr" style=
=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt;margin-left: 36pt;"><=
span style=3D"font-size:15px;font-family:'Courier New';color:#000000;backgr=
ound-color:transparent;font-weight:normal;font-style:normal;font-variant:no=
rmal;text-decoration:none;vertical-align:baseline;">});</span></p><p dir=3D=
"ltr" style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt;margin-lef=
t: 36pt;"><span style=3D"font-size:15px;font-family:'Courier New';color:#00=
0000;background-color:transparent;font-weight:normal;font-style:normal;font=
-variant:normal;text-decoration:none;vertical-align:baseline;">all_of(first=
, last, [&value](auto&& e){</span></p><p dir=3D"ltr" style=3D"l=
ine-height:1.15;margin-top:0pt;margin-bottom:0pt;margin-left: 36pt;"><span =
style=3D"font-size:15px;font-family:'Courier New';color:#000000;background-=
color:transparent;font-weight:normal;font-style:normal;font-variant:normal;=
text-decoration:none;vertical-align:baseline;"> return !c=
omp(e, value) || !comp(value, e); </span><span style=3D"font-size:15px;font=
-family:Arial;color:#000000;background-color:transparent;font-weight:normal=
;font-style:italic;font-variant:normal;text-decoration:none;vertical-align:=
baseline;">// antisymmetry</span></p><p dir=3D"ltr" style=3D"line-height:1.=
15;margin-top:0pt;margin-bottom:0pt;margin-left: 36pt;"><span style=3D"font=
-size:15px;font-family:'Courier New';color:#000000;background-color:transpa=
rent;font-weight:normal;font-style:normal;font-variant:normal;text-decorati=
on:none;vertical-align:baseline;">});</span></p><p dir=3D"ltr" style=3D"lin=
e-height:1.15;margin-top:0pt;margin-bottom:0pt;"><span style=3D"font-size:1=
5px;font-family:Arial;color:#000000;background-color:transparent;font-weigh=
t:normal;font-style:normal;font-variant:normal;text-decoration:none;vertica=
l-align:baseline;">However, the runtime complexity of </span><span style=3D=
"font-size:15px;font-family:'Courier New';color:#000000;background-color:tr=
ansparent;font-weight:normal;font-style:normal;font-variant:normal;text-dec=
oration:none;vertical-align:baseline;">binary_search </span><span style=3D"=
font-size:15px;font-family:Arial;color:#000000;background-color:transparent=
;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:n=
one;vertical-align:baseline;">is O(log(</span><span style=3D"font-size:15px=
;font-family:Arial;color:#000000;background-color:transparent;font-weight:n=
ormal;font-style:italic;font-variant:normal;text-decoration:none;vertical-a=
lign:baseline;">n</span><span style=3D"font-size:15px;font-family:Arial;col=
or:#000000;background-color:transparent;font-weight:normal;font-style:norma=
l;font-variant:normal;text-decoration:none;vertical-align:baseline;">)) whi=
le the complexity of the precondition is O(</span><span style=3D"font-size:=
15px;font-family:Arial;color:#000000;background-color:transparent;font-weig=
ht:normal;font-style:italic;font-variant:normal;text-decoration:none;vertic=
al-align:baseline;">n</span><span style=3D"font-size:15px;font-family:Arial=
;color:#000000;background-color:transparent;font-weight:normal;font-style:n=
ormal;font-variant:normal;text-decoration:none;vertical-align:baseline;">).=
</span></p><br><span style=3D"font-size:15px;font-family:Arial;color:#0000=
00;background-color:transparent;font-weight:normal;font-style:normal;font-v=
ariant:normal;text-decoration:none;vertical-align:baseline;"></span><p dir=
=3D"ltr" style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt;"><span=
style=3D"font-size:15px;font-family:Arial;color:#000000;background-color:t=
ransparent;font-weight:normal;font-style:normal;font-variant:normal;text-de=
coration:none;vertical-align:baseline;">However, there is also one implied =
precondition that cannot be easily expressed: </span><span style=3D"font-si=
ze:15px;font-family:'Courier New';color:#000000;background-color:transparen=
t;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:=
none;vertical-align:baseline;">first</span><span style=3D"font-size:15px;fo=
nt-family:Arial;color:#000000;background-color:transparent;font-weight:norm=
al;font-style:normal;font-variant:normal;text-decoration:none;vertical-alig=
n:baseline;"> and </span><span style=3D"font-size:15px;font-family:'Courier=
New';color:#000000;background-color:transparent;font-weight:normal;font-st=
yle:normal;font-variant:normal;text-decoration:none;vertical-align:baseline=
;">last </span><span style=3D"font-size:15px;font-family:Arial;color:#00000=
0;background-color:transparent;font-weight:normal;font-style:normal;font-va=
riant:normal;text-decoration:none;vertical-align:baseline;">must form a val=
id range. That is, there is no expression that can return </span><span styl=
e=3D"font-size:15px;font-family:'Courier New';color:#000000;background-colo=
r:transparent;font-weight:normal;font-style:normal;font-variant:normal;text=
-decoration:none;vertical-align:baseline;">true </span><span style=3D"font-=
size:15px;font-family:Arial;color:#000000;background-color:transparent;font=
-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;v=
ertical-align:baseline;">for all valid ranges and </span><span style=3D"fon=
t-size:15px;font-family:'Courier New';color:#000000;background-color:transp=
arent;font-weight:normal;font-style:normal;font-variant:normal;text-decorat=
ion:none;vertical-align:baseline;">false </span><span style=3D"font-size:15=
px;font-family:Arial;color:#000000;background-color:transparent;font-weight=
:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical=
-align:baseline;">for all invalid ranges. This is somewhat similar to check=
ing if a non-null pointer points to valid memory.</span></p><h2 dir=3D"ltr"=
style=3D"line-height:1.15;margin-top:10pt;margin-bottom:0pt;"><span style=
=3D"font-size:17px;font-family:'Trebuchet MS';color:#000000;background-colo=
r:transparent;font-weight:bold;font-style:normal;font-variant:normal;text-d=
ecoration:none;vertical-align:baseline;">=93Logical=94 error with guarantee=
d error report</span></h2><p dir=3D"ltr" style=3D"line-height:1.15;margin-t=
op:0pt;margin-bottom:0pt;"><span style=3D"font-size:15px;font-family:Arial;=
color:#000000;background-color:transparent;font-weight:normal;font-style:no=
rmal;font-variant:normal;text-decoration:none;vertical-align:baseline;">21.=
4.5 (</span><span style=3D"font-size:15px;font-family:'Courier New';color:#=
000000;background-color:transparent;font-weight:normal;font-style:normal;fo=
nt-variant:normal;text-decoration:none;vertical-align:baseline;">basic_stri=
ng</span><span style=3D"font-size:15px;font-family:Arial;color:#000000;back=
ground-color:transparent;font-weight:normal;font-style:normal;font-variant:=
normal;text-decoration:none;vertical-align:baseline;"> element access), par=
agraphs 5 - 6:</span></p><p dir=3D"ltr" style=3D"line-height:1.15;margin-to=
p:0pt;margin-bottom:0pt;text-indent: 36pt;"><span style=3D"font-size:15px;f=
ont-family:'Courier New';color:#000000;background-color:transparent;font-we=
ight:normal;font-style:normal;font-variant:normal;text-decoration:none;vert=
ical-align:baseline;">reference at(size_type pos);</span></p><p dir=3D"ltr"=
style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt;text-indent: 36=
pt;"><span style=3D"font-size:15px;font-family:Arial;color:#000000;backgrou=
nd-color:transparent;font-weight:normal;font-style:italic;font-variant:norm=
al;text-decoration:none;vertical-align:baseline;">Requires:</span><span sty=
le=3D"font-size:15px;font-family:Arial;color:#000000;background-color:trans=
parent;font-weight:normal;font-style:normal;font-variant:normal;text-decora=
tion:none;vertical-align:baseline;"> </span><span style=3D"font-size:15px;f=
ont-family:'Courier New';color:#000000;background-color:transparent;font-we=
ight:normal;font-style:normal;font-variant:normal;text-decoration:none;vert=
ical-align:baseline;">pos < size()</span></p><p dir=3D"ltr" style=3D"lin=
e-height:1.15;margin-top:0pt;margin-bottom:0pt;text-indent: 36pt;"><span st=
yle=3D"font-size:15px;font-family:Arial;color:#000000;background-color:tran=
sparent;font-weight:normal;font-style:italic;font-variant:normal;text-decor=
ation:none;vertical-align:baseline;">Throws:</span><span style=3D"font-size=
:15px;font-family:Arial;color:#000000;background-color:transparent;font-wei=
ght:normal;font-style:normal;font-variant:normal;text-decoration:none;verti=
cal-align:baseline;"> </span><span style=3D"font-size:15px;font-family:'Cou=
rier New';color:#000000;background-color:transparent;font-weight:normal;fon=
t-style:normal;font-variant:normal;text-decoration:none;vertical-align:base=
line;">out_of_range</span><span style=3D"font-size:15px;font-family:Arial;c=
olor:#000000;background-color:transparent;font-weight:normal;font-style:nor=
mal;font-variant:normal;text-decoration:none;vertical-align:baseline;"> if =
</span><span style=3D"font-size:15px;font-family:'Courier New';color:#00000=
0;background-color:transparent;font-weight:normal;font-style:normal;font-va=
riant:normal;text-decoration:none;vertical-align:baseline;">pos >=3D siz=
e()</span><span style=3D"font-size:15px;font-family:Arial;color:#000000;bac=
kground-color:transparent;font-weight:normal;font-style:normal;font-variant=
:normal;text-decoration:none;vertical-align:baseline;">.</span></p><br><spa=
n style=3D"font-size:15px;font-family:Arial;color:#000000;background-color:=
transparent;font-weight:normal;font-style:normal;font-variant:normal;text-d=
ecoration:none;vertical-align:baseline;"></span><p dir=3D"ltr" style=3D"lin=
e-height:1.15;margin-top:0pt;margin-bottom:0pt;"><span style=3D"font-size:1=
5px;font-family:Arial;color:#000000;background-color:transparent;font-weigh=
t:normal;font-style:normal;font-variant:normal;text-decoration:none;vertica=
l-align:baseline;">This
is accompanied by the controversial requirement from the standard=20
(17.6.4.11): =93Violation of the preconditions specified in a function=92s =
</span><span style=3D"font-size:15px;font-family:Arial;color:#000000;backgr=
ound-color:transparent;font-weight:normal;font-style:italic;font-variant:no=
rmal;text-decoration:none;vertical-align:baseline;">Requires:</span><span s=
tyle=3D"font-size:15px;font-family:Arial;color:#000000;background-color:tra=
nsparent;font-weight:normal;font-style:normal;font-variant:normal;text-deco=
ration:none;vertical-align:baseline;"> paragraph results in undefined behav=
ior</span></p><p dir=3D"ltr" style=3D"line-height:1.15;margin-top:0pt;margi=
n-bottom:0pt;"><span style=3D"font-size:15px;font-family:Arial;color:#00000=
0;background-color:transparent;font-weight:normal;font-style:normal;font-va=
riant:normal;text-decoration:none;vertical-align:baseline;">unless the func=
tion=92s </span><span style=3D"font-size:15px;font-family:Arial;color:#0000=
00;background-color:transparent;font-weight:normal;font-style:italic;font-v=
ariant:normal;text-decoration:none;vertical-align:baseline;">Throws:</span>=
<span style=3D"font-size:15px;font-family:Arial;color:#000000;background-co=
lor:transparent;font-weight:normal;font-style:normal;font-variant:normal;te=
xt-decoration:none;vertical-align:baseline;"> paragraph specifies throwing =
an exception when the precondition is violated.=94</span></p><p dir=3D"ltr"=
style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt;"><span style=
=3D"font-size:15px;font-family:Arial;color:#000000;background-color:transpa=
rent;font-weight:normal;font-style:normal;font-variant:normal;text-decorati=
on:none;vertical-align:baseline;">Here,
it is very well defined what happens in case we provide the=20
out-of-range index. This makes the following program well defined:</span></=
p><br><span style=3D"font-size:15px;font-family:Arial;color:#000000;backgro=
und-color:transparent;font-weight:normal;font-style:normal;font-variant:nor=
mal;text-decoration:none;vertical-align:baseline;"></span><p dir=3D"ltr" st=
yle=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt;margin-left: 36pt;=
"><span style=3D"font-size:15px;font-family:'Courier New';color:#000000;bac=
kground-color:transparent;font-weight:normal;font-style:normal;font-variant=
:normal;text-decoration:none;vertical-align:baseline;">void listChars(strin=
g const& s)</span></p><p dir=3D"ltr" style=3D"line-height:1.15;margin-t=
op:0pt;margin-bottom:0pt;margin-left: 36pt;"><span style=3D"font-size:15px;=
font-family:'Courier New';color:#000000;background-color:transparent;font-w=
eight:normal;font-style:normal;font-variant:normal;text-decoration:none;ver=
tical-align:baseline;">{</span></p><p dir=3D"ltr" style=3D"line-height:1.15=
;margin-top:0pt;margin-bottom:0pt;margin-left: 72pt;"><span style=3D"font-s=
ize:15px;font-family:'Courier New';color:#000000;background-color:transpare=
nt;font-weight:normal;font-style:normal;font-variant:normal;text-decoration=
:none;vertical-align:baseline;">int i =3D 0;</span></p><p dir=3D"ltr" style=
=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt;margin-left: 72pt;"><=
span style=3D"font-size:15px;font-family:'Courier New';color:#000000;backgr=
ound-color:transparent;font-weight:normal;font-style:normal;font-variant:no=
rmal;text-decoration:none;vertical-align:baseline;">try {</span></p><p dir=
=3D"ltr" style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt;margin-=
left: 72pt;text-indent: 36pt;"><span style=3D"font-size:15px;font-family:'C=
ourier New';color:#000000;background-color:transparent;font-weight:normal;f=
ont-style:normal;font-variant:normal;text-decoration:none;vertical-align:ba=
seline;">while(true) cout << vec.at(i++);</span></p><p dir=3D"ltr" st=
yle=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt;margin-left: 72pt;=
"><span style=3D"font-size:15px;font-family:'Courier New';color:#000000;bac=
kground-color:transparent;font-weight:normal;font-style:normal;font-variant=
:normal;text-decoration:none;vertical-align:baseline;">}</span></p><p dir=
=3D"ltr" style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt;margin-=
left: 72pt;"><span style=3D"font-size:15px;font-family:'Courier New';color:=
#000000;background-color:transparent;font-weight:normal;font-style:normal;f=
ont-variant:normal;text-decoration:none;vertical-align:baseline;">catch(out=
_of_range const&) {}</span></p><p dir=3D"ltr" style=3D"line-height:1.15=
;margin-top:0pt;margin-bottom:0pt;text-indent: 36pt;"><span style=3D"font-s=
ize:15px;font-family:'Courier New';color:#000000;background-color:transpare=
nt;font-weight:normal;font-style:normal;font-variant:normal;text-decoration=
:none;vertical-align:baseline;">}</span><span style=3D"font-size:15px;font-=
family:Arial;color:#000000;background-color:transparent;font-weight:normal;=
font-style:normal;font-variant:normal;text-decoration:none;vertical-align:b=
aseline;"></span></p><br><span style=3D"font-size:15px;font-family:Arial;co=
lor:#000000;background-color:transparent;font-weight:normal;font-style:norm=
al;font-variant:normal;text-decoration:none;vertical-align:baseline;"></spa=
n><p dir=3D"ltr" style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt=
;"><span style=3D"font-size:15px;font-family:Arial;color:#000000;background=
-color:transparent;font-weight:normal;font-style:normal;font-variant:normal=
;text-decoration:none;vertical-align:baseline;">The
question is, why call out-of-range a =93precondition=94 if we accept it as=
=20
well-defined input? What is the definition of a precondition? What is=20
the purpose of specifying one? Is it a license to the compiler for=20
rejecting any code where it can prove that a precondition is violated?=20
So should smart compilers be allowed to reject functions like </span><span =
style=3D"font-size:15px;font-family:'Courier New';color:#000000;background-=
color:transparent;font-weight:normal;font-style:normal;font-variant:normal;=
text-decoration:none;vertical-align:baseline;">listChars</span><span style=
=3D"font-size:15px;font-family:Arial;color:#000000;background-color:transpa=
rent;font-weight:normal;font-style:normal;font-variant:normal;text-decorati=
on:none;vertical-align:baseline;"> above? Or is precondition only a hint on=
usage for other developers?</span></p><h2 dir=3D"ltr" style=3D"line-height=
:1.15;margin-top:10pt;margin-bottom:0pt;"><span style=3D"font-size:17px;fon=
t-family:'Trebuchet MS';color:#000000;background-color:transparent;font-wei=
ght:bold;font-style:normal;font-variant:normal;text-decoration:none;vertica=
l-align:baseline;">Only an irregular input</span></h2><p dir=3D"ltr" style=
=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt;"><span style=3D"font=
-size:15px;font-family:Arial;color:#000000;background-color:transparent;fon=
t-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;=
vertical-align:baseline;">20.8.11.2.4 (</span><span style=3D"font-size:15px=
;font-family:'Courier New';color:#000000;background-color:transparent;font-=
weight:normal;font-style:normal;font-variant:normal;text-decoration:none;ve=
rtical-align:baseline;">function</span><span style=3D"font-size:15px;font-f=
amily:Arial;color:#000000;background-color:transparent;font-weight:normal;f=
ont-style:normal;font-variant:normal;text-decoration:none;vertical-align:ba=
seline;"> invocation), paragraphs 1 and 3:</span></p><p dir=3D"ltr" style=
=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt;"><span style=3D"font=
-size:15px;font-family:Arial;color:#000000;background-color:transparent;fon=
t-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;=
vertical-align:baseline;"> </span><span style=3D"font-siz=
e:15px;font-family:'Courier New';color:#000000;background-color:transparent=
;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:n=
one;vertical-align:baseline;">R operator()(ArgTypes... args) const;</span><=
/p><p dir=3D"ltr" style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0p=
t;margin-left: 36pt;"><span style=3D"font-size:15px;font-family:Arial;color=
:#000000;background-color:transparent;font-weight:normal;font-style:italic;=
font-variant:normal;text-decoration:none;vertical-align:baseline;">Effects:=
</span><span style=3D"font-size:15px;font-family:Arial;color:#000000;backgr=
ound-color:transparent;font-weight:normal;font-style:normal;font-variant:no=
rmal;text-decoration:none;vertical-align:baseline;"> </span><span style=3D"=
font-size:15px;font-family:'Courier New';color:#000000;background-color:tra=
nsparent;font-weight:normal;font-style:normal;font-variant:normal;text-deco=
ration:none;vertical-align:baseline;">INVOKE(f, std::forward<ArgTypes>=
;(args)..., R)</span><span style=3D"font-size:15px;font-family:Arial;color:=
#000000;background-color:transparent;font-weight:normal;font-style:normal;f=
ont-variant:normal;text-decoration:none;vertical-align:baseline;">, where <=
/span><span style=3D"font-size:15px;font-family:'Courier New';color:#000000=
;background-color:transparent;font-weight:normal;font-style:normal;font-var=
iant:normal;text-decoration:none;vertical-align:baseline;">f</span><span st=
yle=3D"font-size:15px;font-family:Arial;color:#000000;background-color:tran=
sparent;font-weight:normal;font-style:normal;font-variant:normal;text-decor=
ation:none;vertical-align:baseline;"> is the target object of </span><span =
style=3D"font-size:15px;font-family:'Courier New';color:#000000;background-=
color:transparent;font-weight:normal;font-style:normal;font-variant:normal;=
text-decoration:none;vertical-align:baseline;">*this</span><span style=3D"f=
ont-size:15px;font-family:Arial;color:#000000;background-color:transparent;=
font-weight:normal;font-style:normal;font-variant:normal;text-decoration:no=
ne;vertical-align:baseline;">.</span></p><p dir=3D"ltr" style=3D"line-heigh=
t:1.15;margin-top:0pt;margin-bottom:0pt;margin-left: 36pt;"><span style=3D"=
font-size:15px;font-family:Arial;color:#000000;background-color:transparent=
;font-weight:normal;font-style:italic;font-variant:normal;text-decoration:n=
one;vertical-align:baseline;">Throws:</span><span style=3D"font-size:15px;f=
ont-family:Arial;color:#000000;background-color:transparent;font-weight:nor=
mal;font-style:normal;font-variant:normal;text-decoration:none;vertical-ali=
gn:baseline;"> </span><span style=3D"font-size:15px;font-family:'Courier Ne=
w';color:#000000;background-color:transparent;font-weight:normal;font-style=
:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;">=
bad_function_call</span><span style=3D"font-size:15px;font-family:Arial;col=
or:#000000;background-color:transparent;font-weight:normal;font-style:norma=
l;font-variant:normal;text-decoration:none;vertical-align:baseline;"> if </=
span><span style=3D"font-size:15px;font-family:'Courier New';color:#000000;=
background-color:transparent;font-weight:normal;font-style:normal;font-vari=
ant:normal;text-decoration:none;vertical-align:baseline;">!*this</span><spa=
n style=3D"font-size:15px;font-family:Arial;color:#000000;background-color:=
transparent;font-weight:normal;font-style:normal;font-variant:normal;text-d=
ecoration:none;vertical-align:baseline;">; otherwise, any exception thrown =
by the wrapped callable object.</span></p><br><span style=3D"font-size:15px=
;font-family:Arial;color:#000000;background-color:transparent;font-weight:n=
ormal;font-style:normal;font-variant:normal;text-decoration:none;vertical-a=
lign:baseline;"></span><p dir=3D"ltr" style=3D"line-height:1.15;margin-top:=
0pt;margin-bottom:0pt;"><span style=3D"font-size:15px;font-family:Arial;col=
or:#000000;background-color:transparent;font-weight:normal;font-style:norma=
l;font-variant:normal;text-decoration:none;vertical-align:baseline;">23.2.3=
(Sequence containers), paragraph 17:</span></p><p dir=3D"ltr" style=3D"lin=
e-height:1.15;margin-top:0pt;margin-bottom:0pt;"><span style=3D"font-size:1=
5px;font-family:Arial;color:#000000;background-color:transparent;font-weigh=
t:normal;font-style:normal;font-variant:normal;text-decoration:none;vertica=
l-align:baseline;">=93The member function </span><span style=3D"font-size:1=
5px;font-family:'Courier New';color:#000000;background-color:transparent;fo=
nt-weight:normal;font-style:normal;font-variant:normal;text-decoration:none=
;vertical-align:baseline;">at()</span><span style=3D"font-size:15px;font-fa=
mily:Arial;color:#000000;background-color:transparent;font-weight:normal;fo=
nt-style:normal;font-variant:normal;text-decoration:none;vertical-align:bas=
eline;"> provides bounds-checked access to container elements. </span><span=
style=3D"font-size:15px;font-family:'Courier New';color:#000000;background=
-color:transparent;font-weight:normal;font-style:normal;font-variant:normal=
;text-decoration:none;vertical-align:baseline;">at() </span><span style=3D"=
font-size:15px;font-family:Arial;color:#000000;background-color:transparent=
;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:n=
one;vertical-align:baseline;">throws </span><span style=3D"font-size:15px;f=
ont-family:'Courier New';color:#000000;background-color:transparent;font-we=
ight:normal;font-style:normal;font-variant:normal;text-decoration:none;vert=
ical-align:baseline;">out_of_range</span><span style=3D"font-size:15px;font=
-family:Arial;color:#000000;background-color:transparent;font-weight:normal=
;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:=
baseline;"> if </span><span style=3D"font-size:15px;font-family:'Courier Ne=
w';color:#000000;background-color:transparent;font-weight:normal;font-style=
:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;">=
n >=3D a.size()</span><span style=3D"font-size:15px;font-family:Arial;co=
lor:#000000;background-color:transparent;font-weight:normal;font-style:norm=
al;font-variant:normal;text-decoration:none;vertical-align:baseline;">.=94<=
/span></p><br><span style=3D"font-size:15px;font-family:Arial;color:#000000=
;background-color:transparent;font-weight:normal;font-style:normal;font-var=
iant:normal;text-decoration:none;vertical-align:baseline;"></span><p dir=3D=
"ltr" style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt;"><span st=
yle=3D"font-size:15px;font-family:Arial;color:#000000;background-color:tran=
sparent;font-weight:normal;font-style:normal;font-variant:normal;text-decor=
ation:none;vertical-align:baseline;">In
either case no precondition is specified, although we can intuitively=20
see that such inputs are =93fishy=94. Thus the following code is perfectly=
=20
valid:</span></p><br><span style=3D"font-size:15px;font-family:Arial;color:=
#000000;background-color:transparent;font-weight:normal;font-style:normal;f=
ont-variant:normal;text-decoration:none;vertical-align:baseline;"></span><p=
dir=3D"ltr" style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt;mar=
gin-left: 36pt;"><span style=3D"font-size:15px;font-family:'Courier New';co=
lor:#000000;background-color:transparent;font-weight:normal;font-style:norm=
al;font-variant:normal;text-decoration:none;vertical-align:baseline;">int p=
rocess(function<int(int)> f, int i)</span></p><p dir=3D"ltr" style=3D=
"line-height:1.15;margin-top:0pt;margin-bottom:0pt;margin-left: 36pt;"><spa=
n style=3D"font-size:15px;font-family:'Courier New';color:#000000;backgroun=
d-color:transparent;font-weight:normal;font-style:normal;font-variant:norma=
l;text-decoration:none;vertical-align:baseline;">{</span></p><p dir=3D"ltr"=
style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt;margin-left: 72=
pt;"><span style=3D"font-size:15px;font-family:'Courier New';color:#000000;=
background-color:transparent;font-weight:normal;font-style:normal;font-vari=
ant:normal;text-decoration:none;vertical-align:baseline;">try {</span></p><=
p dir=3D"ltr" style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt;ma=
rgin-left: 72pt;"><span style=3D"font-size:15px;font-family:'Courier New';c=
olor:#000000;background-color:transparent;font-weight:normal;font-style:nor=
mal;font-variant:normal;text-decoration:none;vertical-align:baseline;"> &nb=
sp;return f(i);</span></p><p dir=3D"ltr" style=3D"line-height:1.15;margin-t=
op:0pt;margin-bottom:0pt;margin-left: 72pt;"><span style=3D"font-size:15px;=
font-family:'Courier New';color:#000000;background-color:transparent;font-w=
eight:normal;font-style:normal;font-variant:normal;text-decoration:none;ver=
tical-align:baseline;">}</span></p><p dir=3D"ltr" style=3D"line-height:1.15=
;margin-top:0pt;margin-bottom:0pt;margin-left: 72pt;"><span style=3D"font-s=
ize:15px;font-family:'Courier New';color:#000000;background-color:transpare=
nt;font-weight:normal;font-style:normal;font-variant:normal;text-decoration=
:none;vertical-align:baseline;">catch(bad_function_call const&) {</span=
></p><p dir=3D"ltr" style=3D"line-height:1.15;margin-top:0pt;margin-bottom:=
0pt;margin-left: 72pt;"><span style=3D"font-size:15px;font-family:'Courier =
New';color:#000000;background-color:transparent;font-weight:normal;font-sty=
le:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;=
"> return 0;</span></p><p dir=3D"ltr" style=3D"line-heigh=
t:1.15;margin-top:0pt;margin-bottom:0pt;margin-left: 72pt;"><span style=3D"=
font-size:15px;font-family:'Courier New';color:#000000;background-color:tra=
nsparent;font-weight:normal;font-style:normal;font-variant:normal;text-deco=
ration:none;vertical-align:baseline;">}</span></p><div style=3D"margin-left=
: 40px;"><span style=3D"font-size:15px;font-family:'Courier New';color:#000=
000;background-color:transparent;font-weight:normal;font-style:normal;font-=
variant:normal;text-decoration:none;vertical-align:baseline;">}</span></div=
>
<p></p>
-- <br />
<br />
--- <br />
You received this message because you are subscribed to the Google Groups &=
quot;ISO C++ Standard - Future Proposals" group.<br />
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to std-proposals+unsubscribe@isocpp.org.<br />
To post to this group, send email to std-proposals@isocpp.org.<br />
Visit this group at <a href=3D"http://groups.google.com/a/isocpp.org/group/=
std-proposals/?hl=3Den">http://groups.google.com/a/isocpp.org/group/std-pro=
posals/?hl=3Den</a>.<br />
<br />
<br />
------=_Part_49_30658112.1369402629855--
.
Author: Tony V E <tvaneerd@gmail.com>
Date: Fri, 24 May 2013 10:33:04 -0400
Raw View
--047d7b3432b83df97104dd77ad76
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
On Fri, May 24, 2013 at 9:37 AM, Andrzej Krzemie=C5=84ski <akrzemi1@gmail.c=
om>wrote:
> Hi everyone,
>
> While trying to figure out what should the definition of "precondition" b=
e
> in C++, I collected a number of examples of potential preconditions, and
> things that could be confused with preconditions, from the Standard
> Library. These could serve as a basis for choosing the semantics of
> preconditions. If you can think of any other kind of expectations on
> function inputs that could possibly qualify for preconditions, please let
> me know.
>
> Regards,
> &rzej
>
>
> =E2=80=9CLogical=E2=80=9D error with guaranteed error report
>
> 21.4.5 (basic_string element access), paragraphs 5 - 6:
>
> reference at(size_type pos);
>
> Requires: pos < size()
>
> Throws: out_of_range if pos >=3D size().
>
> This is accompanied by the controversial requirement from the standard
> (17.6.4.11): =E2=80=9CViolation of the preconditions specified in a funct=
ion=E2=80=99s
> Requires: paragraph results in undefined behavior
>
> unless the function=E2=80=99s Throws: paragraph specifies throwing an exc=
eption
> when the precondition is violated.=E2=80=9D
>
> Here, it is very well defined what happens in case we provide the
> out-of-range index. This makes the following program well defined:
>
> void listChars(string const& s)
>
> {
>
> int i =3D 0;
>
> try {
>
> while(true) cout << vec.at(i++);
>
> }
>
> catch(out_of_range const&) {}
>
> }
>
> The question is, why call out-of-range a =E2=80=9Cprecondition=E2=80=9D i=
f we accept it as
> well-defined input? What is the definition of a precondition? What is the
> purpose of specifying one? Is it a license to the compiler for rejecting
> any code where it can prove that a precondition is violated? So should
> smart compilers be allowed to reject functions like listChars above? Or
> is precondition only a hint on usage for other developers?
>
>
at() is basically described incorrectly and should be fixed. I *think*
there is general consensus in the committee that cases like this are
broken. pos < size() should NOT be a precondition in this case, since it
is specified exactly what happens when the "precondition" is violated.
Tony
--=20
---=20
You received this message because you are subscribed to the Google Groups "=
ISO C++ Standard - Future Proposals" group.
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to std-proposals+unsubscribe@isocpp.org.
To post to this group, send email to std-proposals@isocpp.org.
Visit this group at http://groups.google.com/a/isocpp.org/group/std-proposa=
ls/?hl=3Den.
--047d7b3432b83df97104dd77ad76
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><br><div class=3D"gmail_extra"><br><br><div class=3D"gmail=
_quote">On Fri, May 24, 2013 at 9:37 AM, Andrzej Krzemie=C5=84ski <span dir=
=3D"ltr"><<a href=3D"mailto:akrzemi1@gmail.com" target=3D"_blank">akrzem=
i1@gmail.com</a>></span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><h2 dir=3D"ltr" style=3D"line-height:1.15;ma=
rgin-top:10pt;margin-bottom:0pt"><font>Hi everyone</font>,</h2><p>While try=
ing to figure out what should the definition of "precondition" be=
in C++, I collected a number of examples of potential preconditions, and t=
hings that could be confused with preconditions, from the Standard Library.=
These could serve as a basis for choosing the semantics of preconditions. =
If you can think of any other kind of expectations on function inputs that =
could possibly qualify for preconditions, please let me know.</p>
<p>Regards,<br>&rzej</p><p><br></p><h2 dir=3D"ltr" style=3D"line-height=
:1.15;margin-top:10pt;margin-bottom:0pt"><span style=3D"vertical-align:base=
line;font-variant:normal;font-style:normal;font-size:17px;background-color:=
transparent;text-decoration:none;font-family:'Trebuchet MS';font-we=
ight:bold">=E2=80=9CLogical=E2=80=9D error with guaranteed error report</sp=
an></h2>
<p dir=3D"ltr" style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt">=
<span style=3D"vertical-align:baseline;font-variant:normal;font-style:norma=
l;font-size:15px;background-color:transparent;text-decoration:none;font-fam=
ily:Arial;font-weight:normal">21.4.5 (</span><span style=3D"vertical-align:=
baseline;font-variant:normal;font-style:normal;font-size:15px;background-co=
lor:transparent;text-decoration:none;font-family:'Courier New';font=
-weight:normal">basic_string</span><span style=3D"vertical-align:baseline;f=
ont-variant:normal;font-style:normal;font-size:15px;background-color:transp=
arent;text-decoration:none;font-family:Arial;font-weight:normal"> element a=
ccess), paragraphs 5 - 6:</span></p>
<p dir=3D"ltr" style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt;t=
ext-indent:36pt"><span style=3D"vertical-align:baseline;font-variant:normal=
;font-style:normal;font-size:15px;background-color:transparent;text-decorat=
ion:none;font-family:'Courier New';font-weight:normal">reference at=
(size_type pos);</span></p>
<p dir=3D"ltr" style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt;t=
ext-indent:36pt"><span style=3D"vertical-align:baseline;font-variant:normal=
;font-style:italic;font-size:15px;background-color:transparent;text-decorat=
ion:none;font-family:Arial;font-weight:normal">Requires:</span><span style=
=3D"vertical-align:baseline;font-variant:normal;font-style:normal;font-size=
:15px;background-color:transparent;text-decoration:none;font-family:Arial;f=
ont-weight:normal"> </span><span style=3D"vertical-align:baseline;font-vari=
ant:normal;font-style:normal;font-size:15px;background-color:transparent;te=
xt-decoration:none;font-family:'Courier New';font-weight:normal">po=
s < size()</span></p>
<p dir=3D"ltr" style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt;t=
ext-indent:36pt"><span style=3D"vertical-align:baseline;font-variant:normal=
;font-style:italic;font-size:15px;background-color:transparent;text-decorat=
ion:none;font-family:Arial;font-weight:normal">Throws:</span><span style=3D=
"vertical-align:baseline;font-variant:normal;font-style:normal;font-size:15=
px;background-color:transparent;text-decoration:none;font-family:Arial;font=
-weight:normal"> </span><span style=3D"vertical-align:baseline;font-variant=
:normal;font-style:normal;font-size:15px;background-color:transparent;text-=
decoration:none;font-family:'Courier New';font-weight:normal">out_o=
f_range</span><span style=3D"vertical-align:baseline;font-variant:normal;fo=
nt-style:normal;font-size:15px;background-color:transparent;text-decoration=
:none;font-family:Arial;font-weight:normal"> if </span><span style=3D"verti=
cal-align:baseline;font-variant:normal;font-style:normal;font-size:15px;bac=
kground-color:transparent;text-decoration:none;font-family:'Courier New=
';font-weight:normal">pos >=3D size()</span><span style=3D"vertical-=
align:baseline;font-variant:normal;font-style:normal;font-size:15px;backgro=
und-color:transparent;text-decoration:none;font-family:Arial;font-weight:no=
rmal">.</span></p>
<br><span style=3D"vertical-align:baseline;font-variant:normal;font-style:n=
ormal;font-size:15px;background-color:transparent;text-decoration:none;font=
-family:Arial;font-weight:normal"></span><p dir=3D"ltr" style=3D"line-heigh=
t:1.15;margin-top:0pt;margin-bottom:0pt">
<span style=3D"vertical-align:baseline;font-variant:normal;font-style:norma=
l;font-size:15px;background-color:transparent;text-decoration:none;font-fam=
ily:Arial;font-weight:normal">This
is accompanied by the controversial requirement from the standard=20
(17.6.4.11): =E2=80=9CViolation of the preconditions specified in a functio=
n=E2=80=99s </span><span style=3D"vertical-align:baseline;font-variant:norm=
al;font-style:italic;font-size:15px;background-color:transparent;text-decor=
ation:none;font-family:Arial;font-weight:normal">Requires:</span><span styl=
e=3D"vertical-align:baseline;font-variant:normal;font-style:normal;font-siz=
e:15px;background-color:transparent;text-decoration:none;font-family:Arial;=
font-weight:normal"> paragraph results in undefined behavior</span></p>
<p dir=3D"ltr" style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt">=
<span style=3D"vertical-align:baseline;font-variant:normal;font-style:norma=
l;font-size:15px;background-color:transparent;text-decoration:none;font-fam=
ily:Arial;font-weight:normal">unless the function=E2=80=99s </span><span st=
yle=3D"vertical-align:baseline;font-variant:normal;font-style:italic;font-s=
ize:15px;background-color:transparent;text-decoration:none;font-family:Aria=
l;font-weight:normal">Throws:</span><span style=3D"vertical-align:baseline;=
font-variant:normal;font-style:normal;font-size:15px;background-color:trans=
parent;text-decoration:none;font-family:Arial;font-weight:normal"> paragrap=
h specifies throwing an exception when the precondition is violated.=E2=80=
=9D</span></p>
<p dir=3D"ltr" style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt">=
<span style=3D"vertical-align:baseline;font-variant:normal;font-style:norma=
l;font-size:15px;background-color:transparent;text-decoration:none;font-fam=
ily:Arial;font-weight:normal">Here,
it is very well defined what happens in case we provide the=20
out-of-range index. This makes the following program well defined:</span></=
p><br><span style=3D"vertical-align:baseline;font-variant:normal;font-style=
:normal;font-size:15px;background-color:transparent;text-decoration:none;fo=
nt-family:Arial;font-weight:normal"></span><p dir=3D"ltr" style=3D"line-hei=
ght:1.15;margin-top:0pt;margin-bottom:0pt;margin-left:36pt">
<span style=3D"vertical-align:baseline;font-variant:normal;font-style:norma=
l;font-size:15px;background-color:transparent;text-decoration:none;font-fam=
ily:'Courier New';font-weight:normal">void listChars(string const&a=
mp; s)</span></p>
<p dir=3D"ltr" style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt;m=
argin-left:36pt"><span style=3D"vertical-align:baseline;font-variant:normal=
;font-style:normal;font-size:15px;background-color:transparent;text-decorat=
ion:none;font-family:'Courier New';font-weight:normal">{</span></p>
<p dir=3D"ltr" style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt;m=
argin-left:72pt"><span style=3D"vertical-align:baseline;font-variant:normal=
;font-style:normal;font-size:15px;background-color:transparent;text-decorat=
ion:none;font-family:'Courier New';font-weight:normal">int i =3D 0;=
</span></p>
<p dir=3D"ltr" style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt;m=
argin-left:72pt"><span style=3D"vertical-align:baseline;font-variant:normal=
;font-style:normal;font-size:15px;background-color:transparent;text-decorat=
ion:none;font-family:'Courier New';font-weight:normal">try {</span>=
</p>
<p dir=3D"ltr" style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt;m=
argin-left:72pt;text-indent:36pt"><span style=3D"vertical-align:baseline;fo=
nt-variant:normal;font-style:normal;font-size:15px;background-color:transpa=
rent;text-decoration:none;font-family:'Courier New';font-weight:nor=
mal">while(true) cout << <a href=3D"http://vec.at" target=3D"_blank">=
vec.at</a>(i++);</span></p>
<p dir=3D"ltr" style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt;m=
argin-left:72pt"><span style=3D"vertical-align:baseline;font-variant:normal=
;font-style:normal;font-size:15px;background-color:transparent;text-decorat=
ion:none;font-family:'Courier New';font-weight:normal">}</span></p>
<p dir=3D"ltr" style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt;m=
argin-left:72pt"><span style=3D"vertical-align:baseline;font-variant:normal=
;font-style:normal;font-size:15px;background-color:transparent;text-decorat=
ion:none;font-family:'Courier New';font-weight:normal">catch(out_of=
_range const&) {}</span></p>
<p dir=3D"ltr" style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt;t=
ext-indent:36pt"><span style=3D"vertical-align:baseline;font-variant:normal=
;font-style:normal;font-size:15px;background-color:transparent;text-decorat=
ion:none;font-family:'Courier New';font-weight:normal">}</span><spa=
n style=3D"vertical-align:baseline;font-variant:normal;font-style:normal;fo=
nt-size:15px;background-color:transparent;text-decoration:none;font-family:=
Arial;font-weight:normal"></span></p>
<br><span style=3D"vertical-align:baseline;font-variant:normal;font-style:n=
ormal;font-size:15px;background-color:transparent;text-decoration:none;font=
-family:Arial;font-weight:normal"></span><p dir=3D"ltr" style=3D"line-heigh=
t:1.15;margin-top:0pt;margin-bottom:0pt">
<span style=3D"vertical-align:baseline;font-variant:normal;font-style:norma=
l;font-size:15px;background-color:transparent;text-decoration:none;font-fam=
ily:Arial;font-weight:normal">The
question is, why call out-of-range a =E2=80=9Cprecondition=E2=80=9D if we =
accept it as=20
well-defined input? What is the definition of a precondition? What is=20
the purpose of specifying one? Is it a license to the compiler for=20
rejecting any code where it can prove that a precondition is violated?=20
So should smart compilers be allowed to reject functions like </span><span =
style=3D"vertical-align:baseline;font-variant:normal;font-style:normal;font=
-size:15px;background-color:transparent;text-decoration:none;font-family:&#=
39;Courier New';font-weight:normal">listChars</span><span style=3D"vert=
ical-align:baseline;font-variant:normal;font-style:normal;font-size:15px;ba=
ckground-color:transparent;text-decoration:none;font-family:Arial;font-weig=
ht:normal"> above? Or is precondition only a hint on usage for other develo=
pers?</span></p>
<br></blockquote></div><br><br></div><div class=3D"gmail_extra">at() is bas=
ically described incorrectly and should be fixed.=C2=A0 I *think* there is =
general consensus in the committee that cases like this are broken.=C2=A0 p=
os < size() should NOT be a precondition in this case, since it is speci=
fied exactly what happens when the "precondition" is violated.<br=
>
<br>Tony<br></div></div>
<p></p>
-- <br />
<br />
--- <br />
You received this message because you are subscribed to the Google Groups &=
quot;ISO C++ Standard - Future Proposals" group.<br />
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to std-proposals+unsubscribe@isocpp.org.<br />
To post to this group, send email to std-proposals@isocpp.org.<br />
Visit this group at <a href=3D"http://groups.google.com/a/isocpp.org/group/=
std-proposals/?hl=3Den">http://groups.google.com/a/isocpp.org/group/std-pro=
posals/?hl=3Den</a>.<br />
<br />
<br />
--047d7b3432b83df97104dd77ad76--
.
Author: Nevin Liber <nevin@eviloverlord.com>
Date: Fri, 24 May 2013 09:43:36 -0500
Raw View
--047d7b6783ac4b80c404dd77d5e5
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
On 24 May 2013 09:33, Tony V E <tvaneerd@gmail.com> wrote:
> at() is basically described incorrectly and should be fixed.
>
It already has been (I reported it a while ago).
IMO your best bet is to look at the C++14 CD Programming Languages =96 C++,
Committee Draft <http://isocpp.org/files/papers/N3690.pdf> as a base
document for future proposals (even though it may change between now and
C++14).
--=20
Nevin ":-)" Liber <mailto:nevin@eviloverlord.com> (847) 691-1404
--=20
---=20
You received this message because you are subscribed to the Google Groups "=
ISO C++ Standard - Future Proposals" group.
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to std-proposals+unsubscribe@isocpp.org.
To post to this group, send email to std-proposals@isocpp.org.
Visit this group at http://groups.google.com/a/isocpp.org/group/std-proposa=
ls/?hl=3Den.
--047d7b6783ac4b80c404dd77d5e5
Content-Type: text/html; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
On 24 May 2013 09:33, Tony V E <span dir=3D"ltr"><<a href=3D"mailto:tvan=
eerd@gmail.com" target=3D"_blank">tvaneerd@gmail.com</a>></span> wrote:<=
br><div class=3D"gmail_quote"><blockquote class=3D"gmail_quote" style=3D"ma=
rgin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir=3D"ltr"><div class=3D"gmail_extra">at() is basically described inc=
orrectly and should be fixed.=A0</div></div></blockquote><div><br></div><di=
v>It already has been (I reported it a while ago).</div><div><br></div><div=
>
IMO your best bet is to look at the C++14 CD=A0<a href=3D"http://isocpp.org=
/files/papers/N3690.pdf">Programming Languages =96 C++, Committee Draft</a>=
=A0as a base document for future proposals (even though it may change betwe=
en now and C++14).</div>
</div>-- <br>=A0Nevin ":-)" Liber=A0 <mailto:<a href=3D"mailto=
:nevin@eviloverlord.com" target=3D"_blank">nevin@eviloverlord.com</a>>=
=A0 (847) 691-1404
<p></p>
-- <br />
<br />
--- <br />
You received this message because you are subscribed to the Google Groups &=
quot;ISO C++ Standard - Future Proposals" group.<br />
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to std-proposals+unsubscribe@isocpp.org.<br />
To post to this group, send email to std-proposals@isocpp.org.<br />
Visit this group at <a href=3D"http://groups.google.com/a/isocpp.org/group/=
std-proposals/?hl=3Den">http://groups.google.com/a/isocpp.org/group/std-pro=
posals/?hl=3Den</a>.<br />
<br />
<br />
--047d7b6783ac4b80c404dd77d5e5--
.
Author: =?ISO-8859-1?Q?Daniel_Kr=FCgler?= <daniel.kruegler@gmail.com>
Date: Fri, 24 May 2013 16:53:47 +0200
Raw View
2013/5/24 Tony V E <tvaneerd@gmail.com>:
>
> On Fri, May 24, 2013 at 9:37 AM, Andrzej Krzemie=C5=84ski <akrzemi1@gmail=
..com>
> wrote:
>>
>> Hi everyone,
>>
>> While trying to figure out what should the definition of "precondition" =
be
>> in C++, I collected a number of examples of potential preconditions, and
>> things that could be confused with preconditions, from the Standard Libr=
ary.
>> These could serve as a basis for choosing the semantics of preconditions=
.. If
>> you can think of any other kind of expectations on function inputs that
>> could possibly qualify for preconditions, please let me know.
>>
>> Regards,
>> &rzej
>>
>>
>> =E2=80=9CLogical=E2=80=9D error with guaranteed error report
>>
>> 21.4.5 (basic_string element access), paragraphs 5 - 6:
>>
>> reference at(size_type pos);
>>
>> Requires: pos < size()
>>
>> Throws: out_of_range if pos >=3D size().
>>
>>
>> This is accompanied by the controversial requirement from the standard
>> (17.6.4.11): =E2=80=9CViolation of the preconditions specified in a func=
tion=E2=80=99s
>> Requires: paragraph results in undefined behavior
>>
>> unless the function=E2=80=99s Throws: paragraph specifies throwing an ex=
ception
>> when the precondition is violated.=E2=80=9D
>>
>> Here, it is very well defined what happens in case we provide the
>> out-of-range index. This makes the following program well defined:
>>
>>
>> void listChars(string const& s)
>>
>> {
>>
>> int i =3D 0;
>>
>> try {
>>
>> while(true) cout << vec.at(i++);
>>
>> }
>>
>> catch(out_of_range const&) {}
>>
>> }
>>
>>
>> The question is, why call out-of-range a =E2=80=9Cprecondition=E2=80=9D =
if we accept it as
>> well-defined input? What is the definition of a precondition? What is th=
e
>> purpose of specifying one? Is it a license to the compiler for rejecting=
any
>> code where it can prove that a precondition is violated? So should smart
>> compilers be allowed to reject functions like listChars above? Or is
>> precondition only a hint on usage for other developers?
>>
>>
>
>
> at() is basically described incorrectly and should be fixed. I *think*
> there is general consensus in the committee that cases like this are brok=
en.
> pos < size() should NOT be a precondition in this case, since it is
> specified exactly what happens when the "precondition" is violated.
The "at" problem has been fixed, see
http://cplusplus.github.io/LWG/lwg-defects.html#2207
There are several others left, we have a placeholder issue for that, see
http://cplusplus.github.io/LWG/lwg-active.html#2250
- Daniel
--=20
---=20
You received this message because you are subscribed to the Google Groups "=
ISO C++ Standard - Future Proposals" group.
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to std-proposals+unsubscribe@isocpp.org.
To post to this group, send email to std-proposals@isocpp.org.
Visit this group at http://groups.google.com/a/isocpp.org/group/std-proposa=
ls/?hl=3Den.
.
Author: Nicol Bolas <jmckesson@gmail.com>
Date: Fri, 24 May 2013 11:39:33 -0700 (PDT)
Raw View
------=_Part_562_16599350.1369420773687
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
On Friday, May 24, 2013 7:43:36 AM UTC-7, Nevin ":-)" Liber wrote:
>
> On 24 May 2013 09:33, Tony V E <tvan...@gmail.com <javascript:>> wrote:
>
>> at() is basically described incorrectly and should be fixed.=20
>>
>
> It already has been (I reported it a while ago).
>
> IMO your best bet is to look at the C++14 CD Programming Languages =96 C+=
+,=20
> Committee Draft <http://isocpp.org/files/papers/N3690.pdf> as a base=20
> document for future proposals (even though it may change between now and=
=20
> C++14).
>
Not all of these have been fixed. It should be noted that, relative to the=
=20
C++14 CD, section 17.6.4.11 states:
Violation of the preconditions specified in a function=92s Requires:=20
> paragraph results in undefined behavior unless the function=92s Throws:=
=20
> paragraph specifies throwing an exception when the precondition is violat=
ed.
>
It seems that you're saying that there shouldn't be that "unless" clause=20
there.
--=20
---=20
You received this message because you are subscribed to the Google Groups "=
ISO C++ Standard - Future Proposals" group.
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to std-proposals+unsubscribe@isocpp.org.
To post to this group, send email to std-proposals@isocpp.org.
Visit this group at http://groups.google.com/a/isocpp.org/group/std-proposa=
ls/?hl=3Den.
------=_Part_562_16599350.1369420773687
Content-Type: text/html; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
On Friday, May 24, 2013 7:43:36 AM UTC-7, Nevin ":-)" Liber wrote:<blockquo=
te class=3D"gmail_quote" style=3D"margin: 0;margin-left: 0.8ex;border-left:=
1px #ccc solid;padding-left: 1ex;">On 24 May 2013 09:33, Tony V E <span di=
r=3D"ltr"><<a href=3D"javascript:" target=3D"_blank" gdf-obfuscated-mail=
to=3D"kNUMQsGtmIsJ">tvan...@gmail.com</a>></span> wrote:<br><div class=
=3D"gmail_quote"><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8=
ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir=3D"ltr"><div>at() is basically described incorrectly and should be=
fixed. </div></div></blockquote><div><br></div><div>It already has be=
en (I reported it a while ago).</div><div><br></div><div>
IMO your best bet is to look at the C++14 CD <a href=3D"http://isocpp.=
org/files/papers/N3690.pdf" target=3D"_blank">Programming Languages =96 C++=
, Committee Draft</a> as a base document for future proposals (even th=
ough it may change between now and C++14).</div></div></blockquote><div><br=
>Not all of these have been fixed. It should be noted that, relative to the=
C++14 CD, section 17.6.4.11 states:<br><br><blockquote style=3D"margin: 0p=
x 0px 0px 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1=
ex;" class=3D"gmail_quote">Violation of the preconditions specified in a fu=
nction=92s Requires: paragraph results in undefined behavior unless the fun=
ction=92s Throws: paragraph specifies throwing an exception when the precon=
dition is violated.<br></blockquote><div><br>It seems that you're saying th=
at there shouldn't be that "unless" clause there.<br></div></div>
<p></p>
-- <br />
<br />
--- <br />
You received this message because you are subscribed to the Google Groups &=
quot;ISO C++ Standard - Future Proposals" group.<br />
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to std-proposals+unsubscribe@isocpp.org.<br />
To post to this group, send email to std-proposals@isocpp.org.<br />
Visit this group at <a href=3D"http://groups.google.com/a/isocpp.org/group/=
std-proposals/?hl=3Den">http://groups.google.com/a/isocpp.org/group/std-pro=
posals/?hl=3Den</a>.<br />
<br />
<br />
------=_Part_562_16599350.1369420773687--
.
Author: Lawrence Crowl <crowl@googlers.com>
Date: Fri, 24 May 2013 14:29:56 -0700
Raw View
On 5/24/13, Andrzej Krzemie=C5=84ski <akrzemi1@gmail.com> wrote:
> While trying to figure out what should the definition of "precondition" b=
e
> in C++, I collected a number of examples of potential preconditions, and
> things that could be confused with preconditions, from the Standard
> Library. These could serve as a basis for choosing the semantics of
> preconditions. If you can think of any other kind of expectations on
> function inputs that could possibly qualify for preconditions, please let
> me know.
>
> Regards,
> &rzej
>
>
> UB for performance reasons
Undefined behavior is not just for performance reasons. It is also
to enable tools to introduce code to catch errors.
>
> 21.4.5 (basic_string element access), paragraphs 1 and 3 :
>
> reference operator[](size_type pos);
>
> Requires: pos <=3D size().
>
> Throws: Nothing.
>
> To guarantee the maximum run-time performance we require of the callers
> that they make sure the precondition holds. Somewhat similar example:
>
> 25.4.3.4 (binary_search), paragraph 1:
>
> template<class ForwardIterator, class T, class Compare>
>
> bool binary_search(ForwardIterator first, ForwardIterator last,
>
> const T& value, Compare comp);
>
> Requires: The elements e of [first,last) are partitioned with respect to
> the expressions comp(e, value) and !comp(value, e). Also, for all element=
s
> eof[first, last),
> comp(e, value) implies !comp(value, e).
>
> Here, most of the requirement could be expressed with C++ expressions
> (using C++14 polymorphic lambdas):
>
> is_partitioned(first, last, [&value](auto&& e){
>
> return comp(e, value);
>
> });
>
> is_partitioned(first, last, [&value](auto&& e){
>
> return !comp(value, e);
>
> });
>
> all_of(first, last, [&value](auto&& e){
>
> return !comp(e, value) || !comp(value, e); // antisymmetry
>
> });
>
> However, the runtime complexity of binary_search is O(log(n)) while the
> complexity of the precondition is O(n).
It would be nice to be able to turn off "expensive" precondition
checking.
> However, there is also one implied precondition that cannot be easily
> expressed: first and last must form a valid range. That is, there is no
> expression that can return true for all valid ranges and false for all
> invalid ranges. This is somewhat similar to checking if a non-null pointe=
r
> points to valid memory.
The arguments must be well-formed enough to evaluate the preconditions.
I do not see a way around that problem.
> =E2=80=9CLogical=E2=80=9D error with guaranteed error report
>
> 21.4.5 (basic_string element access), paragraphs 5 - 6:
>
> reference at(size_type pos);
>
> Requires: pos < size()
>
> Throws: out_of_range if pos >=3D size().
>
> This is accompanied by the controversial requirement from the standard
> (17.6.4.11): =E2=80=9CViolation of the preconditions specified in a funct=
ion=E2=80=99s
> Requires: paragraph results in undefined behavior
>
> unless the function=E2=80=99s Throws: paragraph specifies throwing an exc=
eption
> when the precondition is violated.=E2=80=9D
>
> Here, it is very well defined what happens in case we provide the
> out-of-range index. This makes the following program well defined:
>
> void listChars(string const& s)
>
> {
>
> int i =3D 0;
>
> try {
>
> while(true) cout << vec.at(i++);
>
> }
>
> catch(out_of_range const&) {}
>
> }
>
> The question is, why call out-of-range a =E2=80=9Cprecondition=E2=80=9D i=
f we accept it as
> well-defined input? What is the definition of a precondition? What is the
> purpose of specifying one? Is it a license to the compiler for rejecting
> any code where it can prove that a precondition is violated? So should
> smart compilers be allowed to reject functions like listChars above? Or i=
s
> precondition only a hint on usage for other developers?
> Only an irregular input
>
> 20.8.11.2.4 (function invocation), paragraphs 1 and 3:
>
> R operator()(ArgTypes... args) const;
>
> Effects: INVOKE(f, std::forward<ArgTypes>(args)..., R), where f is the
> target object of *this.
>
> Throws: bad_function_call if !*this; otherwise, any exception thrown by t=
he
>
> wrapped callable object.
>
> 23.2.3 (Sequence containers), paragraph 17:
>
> =E2=80=9CThe member function at() provides bounds-checked access to conta=
iner
> elements. at() throws out_of_range if n >=3D a.size().=E2=80=9D
>
> In either case no precondition is specified, although we can intuitively
> see that such inputs are =E2=80=9Cfishy=E2=80=9D. Thus the following code=
is perfectly
> valid:
>
> int process(function<int(int)> f, int i)
>
> {
>
> try {
>
> return f(i);
>
> }
>
> catch(bad_function_call const&) {
>
> return 0;
>
> }
> }
--=20
Lawrence Crowl
--=20
---=20
You received this message because you are subscribed to the Google Groups "=
ISO C++ Standard - Future Proposals" group.
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to std-proposals+unsubscribe@isocpp.org.
To post to this group, send email to std-proposals@isocpp.org.
Visit this group at http://groups.google.com/a/isocpp.org/group/std-proposa=
ls/?hl=3Den.
.